Abstract. We investigate the problem asking whether the intersection of a context-free language (CFL) and a Petri net language (PNL) is empty. Our contribution to solve this long-standing problem which relates, for instance, to the reachability analysis of recursive programs over unbounded data domain, is to identify a class of CFLs called the finite-index CFLs for which the problem is decidable. The $k$-index approximation of a CFL can be obtained by discarding all the words that cannot be derived within a budget $k$ on the number of occurrences of non-terminals. A finite-index CFL is thus a CFL which coincides with its $k$-index approximation for some $k$. We decide whether the intersection of a finite-index CFL and a PNL is empty by reducing it to the reachability problem of Petri nets with weak inhibitor arcs, a class of systems with infinitely many states for which reachability is known to be decidable. Conversely, we show that the reachability problem for a Petri net with weak inhibitor arcs reduces to the emptiness problem of a finite-index CFL intersected with a PNL.

1 Introduction

Automated verification of infinite-state systems, for instance programs with (recursive) procedures and integer variables, is an important and a highly challenging problem. Pushdown automata (or equivalently context-free grammars) have been proposed as an adequate formalism to model procedural programs. However pushdown automata require finiteness of the data domain which is typically obtained by abstracting the program's data, for instance, using the predicate abstraction techniques [2, 8]. In many cases, reasoning over finite abstract domains leads to too coarse an analysis and is therefore not precise. To palliate this problem, it is natural to model a procedural program with integer variables as a pushdown automaton manipulating counters. In general, pushdown automata with counters are Turing powerful which implies that basic decision problems are undecidable (this is true even for the case of finite-state automata with counters).

Therefore one has to look for restrictions on the model which retain sufficient expressiveness while allowing basic properties like reachability to be algorithmically verified. One such restriction is to forbid the test of a counter and a constant for equality. In fact, forbidding test for equality implies the decidability of the reachability problem for the case of finite-state automata with counters (i.e. Petri nets [12, 15]).

The verification problem for pushdown automata with (restricted) counters boils down to check whether a context-free language (CFL) and a Petri net language (PNL) are disjoint or not. We denote this last problem $\mathrm{PNL} \cap \mathrm{CFL} \stackrel{?}{=} \emptyset$.

The decidability of $\mathrm{PNL} \cap \mathrm{CFL} \stackrel{?}{=} \emptyset$ is open and lies at the very edge of our comprehension of infinite-state systems. We see two breakthroughs contributing to this question. First, determining the emptiness of a PNL was known to be decidable as early as the eighties. Then, in 2006, Reinhardt [15] lifted this result to an extension of PN with inhibitor arcs (that allow to test if a counter equals 0) which must satisfy some additional topological conditions. By imposing a topology on the tests for zero, Reinhardt prevents his model from acquiring Turing powerful capabilities. We call his model PNW and the languages thereof PNWL.

Our contribution to the decidability of $\mathrm{PNL} \cap \mathrm{CFL} \stackrel{?}{=} \emptyset$ comes under the form of a partial answer which is better understood in terms of underapproximation. In fact, given a PNL $L_1$ and the language $L$ of a context-free grammar we replace $L$ by a subset $L'$ which is obtained by discarding from $L$ all the words that cannot be derived within a given budget $k \in \mathbb{N}$ on the number of non-terminal symbols. (In fact, the subset $L'$ contains any word of $L$ that can be generated by a derivation that contains at most $k$ non-terminal symbols at each derivation step.) We show how to compute $L'$ by annotating the variables of the context-free grammar for $L$ with an allowance. What is particularly appealing is that the coverage of $L$ increases with the allowance. Approximations induced by allowances are non-trivial: every regular or linear language is captured exactly with an allowance of 1, $L'$ coincides with $L$ when the allowance is unbounded, and under commutativity of concatenation $L'$ coincides with $L$ for some allowance $k \in \mathbb{N}$.

We call finite-index CFL, or fiCFL for short, a context-free language where each of its words can be derived within a given budget. In this paper, we prove the decidability of $\mathrm{PNL} \cap \mathrm{fiCFL} \stackrel{?}{=} \emptyset$ by reducing it to the emptiness problem of PNWL. We also prove the converse reduction; showing those two problems are equivalent. Hence, we offer a whole new perspective on the emptiness problem for PNWL and $\mathrm{PNL} \cap \mathrm{CFL}$.

To conclude the introduction let us mention the recent result of [1] which builds on [12] to give an alternative proof of Reinhardt's result (PNW reachability is decidable) for the particular case where one counter only can be tested for zero.

2 Preliminaries 

2.1 Context-Free Languages 

An alphabet $\Sigma$ is a finite non-empty set of symbols. A word $w$ over an alphabet $\Sigma$ is a finite sequence of symbols of $\Sigma$ where the empty sequence is denoted $\varepsilon$. We write $\Sigma^*$ for the set of words over $\Sigma$. Let $L \subseteq \Sigma^*$, $L$ defines a language.

A context-free grammar (CFG) $G$ is a tuple $(\mathcal{X}, \Sigma, \mathcal{P})$ where $\mathcal{X}$ is a finite non-empty set of variables (non-terminal letters), $\Sigma$ is an alphabet of terminal letters, and $\mathcal{P} \subseteq \mathcal{X} \times (\mathcal{X}^2 \cup \Sigma \cup \{\varepsilon\})$ a finite set of productions (the production $(X, w)$ may also be denoted by $X \to w$). For every production $p = (X, w) \in \mathcal{P}$, we use $head(p)$ to denote the variable $X$. Observe that the form of the productions is restricted, but it has been shown in [11] that every CFG can be transformed, in polynomial time, into an equivalent grammar of this form.

Given two strings $u, v \in (\Sigma \cup \mathcal{X})^*$ we define the relation $u \Rightarrow v$, if there exists a production $(X, w) \in \mathcal{P}$ and some words $y, z \in (\Sigma \cup \mathcal{X})^*$ such that $u = yXz$ and $v = ywz$. We use $\Rightarrow^*$ for the reflexive transitive closure of $\Rightarrow$. Given $X \in \mathcal{X}$, we define the language $L_G(X)$, or simply $L(X)$ when $G$ is clear from the context, as $\{w \in \Sigma^* \mid X \Rightarrow^* w\}$. A language $L$ is context-free (CFL) if there exists a CFG $G = (\mathcal{X}, \Sigma, \mathcal{P})$ and $A \in \mathcal{X}$ such that $L = L_G(A)$.

2.2 Finite-index Approximation of Context-Free Languages

Let $k \in \mathbb{N}$, $G = (\mathcal{X}, \Sigma, \mathcal{P})$ be a CFG and $A \in \mathcal{X}$. A derivation from $A$ given by $A = \alpha_0 \Rightarrow \alpha_1 \Rightarrow \cdots \Rightarrow \alpha_n$ is $k$-index bounded if for every $i \in \{0, \ldots, n\}$ at most $k$ symbols of $\alpha_i$ are variables. We denote by $L^{(k)}(A)$ the subset of $L(A)$ such that for every $w \in L^{(k)}(A)$ there exists a $k$-index bounded derivation $A \Rightarrow^* w$. We call $L^{(k)}(A)$ the $k$-index approximation of $L(A)$ or more generically we say that $L^{(k)}(A)$ is a finite-index approximation of $L(A)$.*

Let us now give some known properties of finite-index approximations. Clearly $\lim_{k \to \infty} L^{(k)}(A) = L(A)$. Moreover, let $L$ be a regular or linear language†, then there exists a CFG $G'$, and a variable $A'$ of $G'$ such that $L(A') = L = L^{(1)}(A')$. Also Luker showed in [14] that if $L(A) \subseteq L(w_1^* \cdots w_n^*)$ for some $w_i \in \Sigma^*$, then $L^{(k)}(A) = L(A)$ for some $k \in \mathbb{N}$. More recently, [5, 7] showed some form of completeness for finite-index approximation when commutativity of concatenation is assumed. It shows that there exists a $k \in \mathbb{N}$ such that $L(A) \subseteq \Pi(L^{(k)}(A))$ where $\Pi(L)$ denotes the language obtained by permuting symbols of $w$ for every $w \in L$. As an incompleteness result, Salomaa showed in [16] that for the Dyck language $L_D^*$ over 1-pair of parentheses there is no CFG $G'$, variable $A'$ of $G'$ and $k \in \mathbb{N}$ such that $L^{(k)}(A') = L_D^*$.

Inspired by [4, 6, 5] let us define the CFG $G^{[k]}$ which annotates the variables of $\mathcal{X}$ with a positive integer bounding the index of the derivations starting with that variable.

Definition 1. Let $G^{[k]} = (\mathcal{X}^{[k]}, \Sigma, \mathcal{P}^{[k]})$ be the context-free grammar defined as follows: $\mathcal{X}^{[k]} = \{X^{[i]} \mid 0 \leq i \leq k \wedge X \in \mathcal{X}\}$, and $\mathcal{P}^{[k]}$ is the smallest set such that:

• For every $X \to YZ \in \mathcal{P}$, $\mathcal{P}^{[k]}$ has the productions $X^{[i]} \to Y^{[i-1]} Z^{[i]}$ and $X^{[i]} \to Y^{[i]} Z^{[i-1]}$ for every $i \in \{1, \ldots, k\}$.

• For every $X \to \sigma \in \mathcal{P}$ with $\sigma \in \Sigma \cup \{\varepsilon\}$, $X^{[i]} \to \sigma \in \mathcal{P}^{[k]}$ for all $i \in \{0, \ldots, k\}$.

What follows is a consequence of several results from different papers by Esparza et al. For the sake of clarity we give a direct proof in the appendix.

Lemma 2. Let $X \in \mathcal{X}$. We have $L(X^{[k]}) = L^{(k+1)}(X)$.

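The following Python sketch is an added illustration of Definition 1 and Lemma 2, not code from the paper. It assumes productions are encoded as (head, body) pairs whose body is either a pair of variables or a one-letter string ("" for $\varepsilon$), uses a constructed grammar for the Dyck language, and compares both sides of Lemma 2 on words of bounded length only.

```python
# Constructed grammar in the restricted form: S -> SS | LT | eps, T -> SR.
DYCK = [("S", ("S", "S")), ("S", ("L", "T")), ("S", ""),
        ("T", ("S", "R")), ("L", "("), ("R", ")")]


def annotate(productions, k):
    """Definition 1: productions of G^[k]; the variable X^[i] is the pair (X, i)."""
    annotated = set()
    for head, body in productions:
        if isinstance(body, tuple):                      # X -> Y Z
            y, z = body
            for i in range(1, k + 1):
                annotated.add(((head, i), ((y, i - 1), (z, i))))
                annotated.add(((head, i), ((y, i), (z, i - 1))))
        else:                                            # X -> sigma
            for i in range(k + 1):
                annotated.add(((head, i), body))
    return annotated


def language(productions, start, max_len):
    """Words of L(start) with at most max_len letters, as a least fixpoint."""
    lang, changed = {}, True
    while changed:
        changed = False
        for head, body in productions:
            if isinstance(body, tuple):
                left, right = (lang.get(v, set()) for v in body)
                words = {u + v for u in left for v in right
                         if len(u) + len(v) <= max_len}
            else:
                words = {body}
            known = lang.setdefault(head, set())
            if not words <= known:
                known |= words
                changed = True
    return lang.get(start, set())


def index_bounded(productions, start, k, max_len):
    """Words of L^(k)(start) with at most max_len letters.

    Explores every sentential form reachable from `start` while never
    holding more than k variables (the k-index bound of Section 2.2).
    """
    variables = {h for h, _ in productions}
    for _, body in productions:
        if isinstance(body, tuple):
            variables.update(body)
    seen, todo, words = {(start,)}, [(start,)], set()
    while todo:
        form = todo.pop()
        if not any(s in variables for s in form):
            words.add("".join(form))
            continue
        for pos, sym in enumerate(form):
            for head, body in productions:
                if head != sym:
                    continue
                new = form[:pos] + tuple(body) + form[pos + 1:]
                nvars = sum(s in variables for s in new)
                if nvars <= k and len(new) - nvars <= max_len and new not in seen:
                    seen.add(new)
                    todo.append(new)
    return words


if __name__ == "__main__":
    for k in range(3):
        lhs = language(annotate(DYCK, k), ("S", k), 6)
        rhs = index_bounded(DYCK, "S", k + 1, 6)
        print(k, lhs == rhs, sorted(rhs, key=len))
```

With this grammar the coverage grows with the budget: index 1 yields only the empty word, index 2 only the nested words, and index 3 every Dyck word of length at most 6.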
2.3 Petri nets with Inhibitor Arcs

Let $\Sigma$ be a finite non-empty set, a multiset $m : \Sigma \to \mathbb{N}$ over $\Sigma$ maps each symbol of $\Sigma$ to a natural number. Let $\mathbb{M}[\Sigma]$ be the set of all multisets over $\Sigma$.

We sometimes use the following notation for multisets $m = \llbracket q_1, q_1, q_3 \rrbracket$ for the multiset $m \in \mathbb{M}[\{q_1, q_2, q_3, q_4\}]$ such that $m(q_1) = 2$, $m(q_2) = m(q_4) = 0$, and $m(q_3) = 1$. The empty multiset is denoted $\emptyset$.

Given $m, m' \in \mathbb{M}[\Sigma]$ we define $m \oplus m' \in \mathbb{M}[\Sigma]$ to be the multiset such that $\forall a \in \Sigma : (m \oplus m')(a) = m(a) + m'(a)$, we also define the natural partial order $\preceq$ on $\mathbb{M}[\Sigma]$ as follows: $m \preceq m'$ iff there exists $m^{\Delta} \in \mathbb{M}[\Sigma]$ such that $m \oplus m^{\Delta} = m'$. We also define $m \ominus m' \in \mathbb{M}[\Sigma]$ as the multiset such that $(m \ominus m') \oplus m' = m$ provided $m' \preceq m$.

*Finite-index approximations were first studied in the 60's.
†See [10] for definitions.

A Petri net with inhibitor arcs (PNI for short) $N = (S, T, F = (Z, I, O), m_\imath)$ consists of a finite non-empty set $S$ of places, a finite set $T$ of transitions disjoint from $S$, a tuple $F = (Z, I, O)$ of functions $Z : T \to 2^S$, $I : T \to \mathbb{M}[S]$ and $O : T \to \mathbb{M}[S]$, and an initial marking $m_\imath \in \mathbb{M}[S]$. A marking $m \in \mathbb{M}[S]$ of $N$ assigns to each place $p \in S$ $m(p)$ tokens.

A transition $t \in T$ is enabled at $m$, written $m\,[t\rangle$, if $I(t) \preceq m$ and $m(p) = 0$ for all $p \in Z(t)$. A transition $t$ that is enabled at $m$ can be fired, yielding a marking $m'$ such that $m' = (m \ominus I(t)) \oplus O(t)$. We write this fact as follows: $m\,[t\rangle\,m'$. We extend enabledness and firing inductively to finite sequences of transitions as follows. Let $w \in T^*$. If $w = \varepsilon$ we define $m\,[w\rangle\,m'$ iff $m' = m$; else if $w = u \cdot v$ we have $m\,[w\rangle\,m'$ iff $\exists m_1 : m\,[u\rangle\,m_1 \wedge m_1\,[v\rangle\,m'$.

From the above definition we find that $m$ is a reachable marking from $m_0$ if and only if there exists $w \in T^*$ such that $m_0\,[w\rangle\,m$. Given a language $L \subseteq T^*$ over the transitions of $N$, the set of reachable states from $m_0$ along $L$, written $[m_0\rangle^L$, coincides with $\{m \mid \exists w \in L : m_0\,[w\rangle\,m\}$. Incidentally, if $L$ is unspecified then it is assumed to be $T^*$ and we simply write $[m_0\rangle$ for the set of states reachable from $m_0$. For clarity, we shall sometimes write the PNI in subscript, e.g. $m_1 \in [m_0\rangle_N$.

A Petri net with weak inhibitor arcs (PNW for short) is a PNI $N = (S, T, F = (Z, I, O), m_\imath)$ such that there is an index function $f : S \to \mathbb{N}$ with the property:

$$\forall p, p' \in S : f(p) \leq f(p') \rightarrow (\forall t \in T : p' \in Z(t) \rightarrow p \in Z(t)). \qquad (1)$$

A Petri net (PN for short) can be seen as a subclass of Petri nets with weak inhibitor arcs where $Z(t) = \emptyset$ for all transitions $t \in T$. In this case, we shorten $F$ as the pair $(I, O)$.

The reachability problem for a PNI $N = (S, T, F = (Z, I, O), m_\imath)$ is the problem of deciding, for a given marking $m$, whether $m \in [m_\imath\rangle$ holds. It is well known that reachability for Petri nets with inhibitor arcs is undecidable [9]. However, the following holds:

Theorem 3. [15] The reachability problem for PNW is decidable.
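As an added example (not part of the paper), the Python sketch below implements the firing rule with inhibitor arcs and checks condition (1): an index function $f$ exists exactly when the sets of transitions that test each place for zero are totally ordered by inclusion. The dictionary encoding of $Z$, $I$, $O$ and the sample net are constructed for illustration.

```python
from collections import Counter


def enabled(m, t, Z, I):
    """m [t> : I(t) is covered by m and every place of Z(t) is empty."""
    return (all(m[p] >= n for p, n in I[t].items())
            and all(m[p] == 0 for p in Z[t]))


def fire(m, t, Z, I, O):
    """Return m' = (m - I(t)) + O(t), or None when t is not enabled at m."""
    if not enabled(m, t, Z, I):
        return None
    nxt = Counter(m)
    nxt.subtract(I[t])
    nxt.update(O[t])
    return +nxt                      # unary plus drops places holding 0 tokens


def run(m, word, Z, I, O):
    """Fire a sequence of transitions; None as soon as one is not enabled."""
    m = Counter(m)
    for t in word:
        m = fire(m, t, Z, I, O)
        if m is None:
            return None
    return m


def weak_index(places, Z):
    """Return an index function f satisfying (1), or None if the net is not a PNW.

    tested_by[p] is the set of transitions with p in Z(t).  Condition (1)
    says f(p) <= f(p') implies tested_by[p'] is included in tested_by[p],
    so the distinct sets must form a chain; f ranks them from largest to
    smallest.
    """
    tested_by = {p: frozenset(t for t, zs in Z.items() if p in zs)
                 for p in places}
    levels = sorted(set(tested_by.values()), key=len, reverse=True)
    for big, small in zip(levels, levels[1:]):
        if not small < big:          # equal size or incomparable: no chain
            return None
    return {p: levels.index(tested_by[p]) for p in places}


# Constructed sample net: zero_a tests place a, zero_ab tests a and b.
PLACES = ["a", "b", "c"]
Z = {"inc_a": set(), "dec_a": set(), "zero_a": {"a"}, "zero_ab": {"a", "b"}}
I = {"inc_a": {}, "dec_a": {"a": 1}, "zero_a": {}, "zero_ab": {}}
O = {"inc_a": {"a": 1}, "dec_a": {}, "zero_a": {"b": 1}, "zero_ab": {"c": 1}}

# Adding a test of b alone lets a and b be tested independently,
# which breaks the chain required by (1).
Z_TWO_COUNTERS = dict(Z, zero_b={"b"})

if __name__ == "__main__":
    print(weak_index(PLACES, Z))
    print(weak_index(PLACES, Z_TWO_COUNTERS))
    print(run({"a": 1}, ["dec_a", "zero_a"], Z, I, O))
```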

2.4 The reachability problem for Petri nets along finite-index CFL

Let us formally define the problem we are interested in. Given: (1) a Petri net $N = (S, T, F, m_\imath)$ where $T \neq \emptyset$; (2) a CFG $G = (\mathcal{X}, T, \mathcal{P})$ and $A \in \mathcal{X}$; (3) a marking $m_f \in \mathbb{M}[S]$; and (4) a value $k \in \mathbb{N}$.

Does $m_f \in [m_\imath\rangle^{L^{(k)}(A)}$ hold?

In what follows, we prove the interreducibility of the reachability problem for PN along finite-index CFL and the reachability problem for PNW.

3 From PN reachability along fiCFL to PNW reachability

In this section, we show that the reachability problem for Petri nets along finite-index CFL is decidable. To this aim, let us fix an instance of the problem: a Petri net $N = (S, T, F, m_\imath)$ where $T \neq \emptyset$, a CFG $G = (\mathcal{X}, T, \mathcal{P})$, $m_f \in \mathbb{M}[S]$, and a natural number $k \in \mathbb{N}$. Moreover, let $G^{[k]} = (\mathcal{X}^{[k]}, T, \mathcal{P}^{[k]})$ be the CFG given by def. 1.

Lemma 2 shows that $m_f \in [m_\imath\rangle^{L^{(k+1)}(A)}$ if and only if $m_f \in [m_\imath\rangle^{L(A^{[k]})}$. Then, our decision procedure, which determines if $m_f \in [m_\imath\rangle^{L(A^{[k]})}$, proceeds by reduction to the reachability problem for PNW and is divided in two steps. First, we reduce the question $m_f \in [m_\imath\rangle^{L(A^{[k]})}$ to the existence of a successful execution in the program of Alg. 1 which, in turn, is reduced to a reachability problem for PNW. Let us describe Alg. 1.

Part 1. Alg. 1 gives the procedure traverse in which $M_\imath$ and $M_f$ are global arrays of markings with index ranging from 0 to $k$ (i.e., for every $j \in \{0, \ldots, k\}$, $M_\imath[j], M_f[j] \in \mathbb{M}[S]$). We say that a call traverse($X^{[\ell]}$) successfully returns if there exists an execution which eventually reaches line 19 (i.e., no assert fails) and the postcondition $M_\imath[j] = M_f[j] = \emptyset$ for every $j \in \{0, \ldots, \ell\}$ holds. Moreover we say that a call traverse($X^{[\ell]}$) is proper if $M_\imath[j] = M_f[j] = \emptyset$ for all $j < \ell$. Let $\ell \in \{0, \ldots, k\}$, we shall now demonstrate that a proper call traverse($X^{[\ell]}$) successfully returns if and only if there exists $w \in L(X^{[\ell]})$ such that $M_\imath[\ell]\,[w\rangle_N\,M_f[\ell]$.



Algorithm 1: traverse

Input: A variable X^[ℓ] ∈ 𝒳^[k] of G^[k]

 1  begin
 2    Let p ∈ 𝒫^[k] such that head(p) = X^[ℓ]
 3    switch p do
 4      case X^[ℓ] → σ                          /* σ ∈ Σ ∪ {ε} */
 5        M_ı[ℓ] := (M_ı[ℓ] ⊖ I(σ)) ⊕ O(σ)
 6        sub_*_to(M_ı[ℓ], M_f[ℓ])
 7      case X^[ℓ] → B^[ℓ] C^[ℓ−1]
 8        transfer_from_to(M_f[ℓ], M_f[ℓ−1])
 9        add_*_to(M_f[ℓ], M_ı[ℓ−1])
10        traverse(C^[ℓ−1])
11        assert M_ı[j] = M_f[j] = ∅ for all j < ℓ
12        traverse(B^[ℓ])
13      case X^[ℓ] → B^[ℓ−1] C^[ℓ]
14        transfer_from_to(M_ı[ℓ], M_ı[ℓ−1])
15        add_*_to(M_ı[ℓ], M_f[ℓ−1])
16        traverse(B^[ℓ−1])
17        assert M_ı[j] = M_f[j] = ∅ for all j < ℓ
18        traverse(C^[ℓ])
19    return

Algorithm 2: add_*_to, sub_*_to

Input: src1, src2
begin
  Let qty s.t. ∅ ⪯ qty
  if add_*_to then
    (src1, src2) := (src1, src2) ⊕ qty
  else // sub_*_to
    (src1, src2) := (src1, src2) ⊖ qty

Algorithm 3: transfer_from_to

Input: src, tgt
begin
  Let qty s.t. ∅ ⪯ qty ⪯ src
  tgt := tgt ⊕ qty
  src := src ⊖ qty


The formal statement is given at Lem. 4. We give some intuitions about Alg. 1 first.

The control flow of traverse matches the traversal of a derivation tree of $G^{[k]}$ such that at each node traverse goes first to the subtree which carries the least index. The tree traversal is implemented through recursive calls in traverse. To see that the traversal goes first in the subtree of least index, it suffices to look at the ordering of the recursive calls to traverse in the code of Alg. 1, e.g. in the case of line 7, traverse($C^{[\ell-1]}$) is called before traverse($B^{[\ell]}$).

Reasoning in terms of derivation trees, we have that the proper call traverse($X^{[\ell]}$) returns iff there exists a derivation tree $t$ of $G^{[k]}$ with root variable $X^{[\ell]}$ such that the sequence of transitions given by the yield of $t$ is enabled from the marking stored in $M_\imath[\ell]$ and its firing yields the marking stored in $M_f[\ell]$.

Because of the least index first traversal, it turns out that the arrays $M_\imath$ and $M_f$ provide enough space to manage all the intermediary results.

Also, we observe that when the procedure traverse($X^{[\ell]}$) calls itself with the parameter, say $B^{[\ell]}$, the call is a tail recursive call. This means that when traverse($B^{[\ell]}$) returns then traverse($X^{[\ell]}$) immediately returns. It is known from programming techniques how to implement tail recursive call without consuming space on the call stack. In the case of Alg. 1, we can do so by having a global variable to store the parameter of traverse and by replacing tail recursive calls with goto statements. For the remaining recursive calls (line 10 and 16), because the index of the callee is one less than the index of the caller, we conclude that a bounded space consisting of $k$ frames suffices for the call stack.

Those two insights (two arrays with $k$ entries and a stack with $k$ frames) will be the key to show, in Part 2, that traverse can be implemented as a PNW.

Lemma 4. Let $\ell \in \{0, \ldots, k\}$, $X^{[\ell]} \in \mathcal{X}^{[k]}$ and $m, m' \in \mathbb{M}[S]$. Then, the proper call traverse($X^{[\ell]}$) with context $M_\imath[\ell] = m$ and $M_f[\ell] = m'$ successfully returns if and only if there exists $w \in L(X^{[\ell]})$ such that $m\,[w\rangle_N\,m'$.

Proof. If. We prove that if there exists $w \in L(X^{[\ell]})$ such that $m\,[w\rangle\,m'$ then the proper call traverse($X^{[\ell]}$) with $M_\imath[\ell] = m$ and $M_f[\ell] = m'$ successfully returns.

Our proof is done by induction on the length $n$ of the derivation of $w \in L(X^{[\ell]})$. For the case $n = 1$, we necessarily have $X^{[\ell]} \Rightarrow w = \sigma$ for some $(X^{[\ell]}, \sigma) \in \mathcal{P}^{[k]}$. In this case, the proper call traverse($X^{[\ell]}$) with $M_\imath[\ell] = m$ and $M_f[\ell] = m'$ executes as follows: $p = (X^{[\ell]}, \sigma)$ is picked and the case of line 4 executes successfully since $m = M_\imath[\ell]\,[\sigma\rangle\,M_f[\ell] = m'$ holds. In fact, after the assignment of line 5 we have $M_\imath[\ell] = M_f[\ell]$. From there, the call to sub_*_to can return with $M_\imath[\ell] = M_f[\ell] = \emptyset$ which shows that traverse($X^{[\ell]}$) successfully returns.

For the case $n > 1$, we have $X^{[\ell]} \Rightarrow^n w$ which necessarily has the form $X^{[\ell]} \Rightarrow B^{[\ell]} C^{[\ell-1]} \Rightarrow^{n-1} w$ or $X^{[\ell]} \Rightarrow B^{[\ell-1]} C^{[\ell]} \Rightarrow^{n-1} w$ by def. of $G^{[k]}$. Assume we are in the latter case. Thus there exists $w_1$ and $w_2$ such that $X^{[\ell]} \Rightarrow B^{[\ell-1]} C^{[\ell]} \Rightarrow^{i} w_1 C^{[\ell]} \Rightarrow^{j} w_1 w_2 = w$ with $i + j = n - 1$ and $\exists m_1 : m\,[w_1\rangle\,m_1\,[w_2\rangle\,m'$. Observe that $w_1 \in L(B^{[\ell-1]})$ and $w_2 \in L(C^{[\ell]})$ and so by induction hypothesis we find that the proper call traverse($B^{[\ell-1]}$) with $M_\imath[\ell-1] = m$, $M_f[\ell-1] = m_1$ successfully returns. And so does, by induction hypothesis, the proper call traverse($C^{[\ell]}$) with $M_\imath[\ell] = m_1$, $M_f[\ell] = m'$. Therefore let us consider the proper call traverse($X^{[\ell]}$) with $M_\imath[\ell] = m$, $M_f[\ell] = m'$. We show it successfully returns.

First observe that the call to the procedure traverse($X^{[\ell]}$) is proper. Next, at line 2, pick $p = (X^{[\ell]}, B^{[\ell-1]} C^{[\ell]})$. Then the call transfer_from_to($M_\imath[\ell]$, $M_\imath[\ell-1]$) of line 14 executes such that $M_\imath[\ell]$ is updated to $\emptyset$ and $M_\imath[\ell-1]$ to $m$. Next the call to the procedure add_*_to($M_\imath[\ell]$, $M_f[\ell-1]$) of line 15 executes such that both $M_\imath[\ell]$ and $M_f[\ell-1]$ are updated to $m_1$. Recall that $m\,[w_1\rangle\,m_1\,[w_2\rangle\,m'$.

Finally we showed above that the proper call traverse($B^{[\ell-1]}$) successfully returns, the assert that follows too and finally the proper call traverse($C^{[\ell]}$). Moreover it is routine to check that upon completion of traverse($C^{[\ell]}$) (and therefore traverse($X^{[\ell]}$)) we have $M_\imath[j] = M_f[j] = \emptyset$ for all $j \leq \ell$.

The left case (i.e. $p = (X^{[\ell]}, B^{[\ell]} C^{[\ell-1]}) \in \mathcal{P}^{[k]}$) is treated similarly.

Only If. Here we prove that if the proper call traverse($X^{[\ell]}$) successfully returns then there exists $w \in L(X^{[\ell]})$ such that $M_\imath[\ell]\,[w\rangle_N\,M_f[\ell]$.

Our proof is done by induction on the number $n$ of times line 2 is executed during the execution of traverse($X^{[\ell]}$). In every case, line 2 is executed at least once. For the case $n = 1$, the algorithm necessarily executes the case of line 4. The definition of $G^{[k]}$ shows that along a successful execution of traverse($X^{[\ell]}$), the non deterministic choice of line 2 necessarily returns a production of the form $p = (X^{[\ell]}, \sigma) \in \mathcal{P}^{[k]}$. Therefore, a successful execution must execute line 5 and 6 and then 19 after which the postcondition $M_\imath[j] = M_f[j] = \emptyset$ for all $j \leq \ell$ holds. Because the postcondition holds, we find that $M_\imath[\ell] = M_f[\ell]$ holds before executing line 6, hence that $M_f[\ell] = (M_\imath[\ell] \ominus I(\sigma)) \oplus O(\sigma)$ before executing line 5, and finally that $M_\imath[\ell]\,[\sigma\rangle\,M_f[\ell]$ by semantics of transition $\sigma$ and we are done.

For the case $n > 1$, the first non deterministic choice of line 2 necessarily picks $p \in \mathcal{P}^{[k]}$ of the form $(X^{[\ell]}, B^{[\ell]} C^{[\ell-1]})$ or $(X^{[\ell]}, B^{[\ell-1]} C^{[\ell]})$. Let us assume $p = (X^{[\ell]}, B^{[\ell]} C^{[\ell-1]})$, hence that the case of line 7 is executed. Let $m$ and $m'$ be respectively the values of $M_\imath[\ell]$ and $M_f[\ell]$ when traverse($X^{[\ell]}$) is invoked. Now, let $m_3$, $m_\Delta$ be such that $m' = m_\Delta \oplus m_3$ and such that upon completion of the call to transfer_from_to at line 8 we have that $M_f[\ell] = m_\Delta$ and $M_f[\ell-1] = m_3$. Moreover, let $m_2$ be the marking such that $M_\imath[\ell-1] = m_2$ upon completion of the call to add_*_to at line 9. Therefore we find that $M_f[\ell]$ is updated to $m_\Delta \oplus m_2$. Next consider the successful proper call traverse($C^{[\ell-1]}$) of line 10 with $M_\imath[\ell-1] = m_2$, $M_f[\ell-1] = m_3$. Observe that because the execution of traverse($X^{[\ell]}$) yields the calls traverse($C^{[\ell-1]}$) and traverse($B^{[\ell]}$), we find that the number of times line 2 is executed in traverse($C^{[\ell-1]}$) and traverse($B^{[\ell]}$) is strictly less than $n$. Therefore, the induction hypothesis shows that there exists $w_2$ such that $w_2 \in L(C^{[\ell-1]})$ and $m_2\,[w_2\rangle\,m_3$. Then comes the successful assert of line 11 followed by the successful proper call traverse($B^{[\ell]}$) of line 12 with $M_\imath[\ell] = m$ and $M_f[\ell] = m_\Delta \oplus m_2$. Again by induction hypothesis, there exists $w_1$ such that $w_1 \in L(B^{[\ell]})$ and $m\,[w_1\rangle\,(m_\Delta \oplus m_2)$.

Next we conclude from the monotonicity property of PN that since $m_2\,[w_2\rangle\,m_3$ then $(m_2 \oplus m_\Delta)\,[w_2\rangle\,(m_3 \oplus m_\Delta)$, hence that $m\,[w_1\rangle\,(m_2 \oplus m_\Delta)\,[w_2\rangle\,(m_3 \oplus m_\Delta)$ and finally that $m\,[w_1 w_2\rangle\,m'$ because $m' = m_3 \oplus m_\Delta$. Finally since $w_1 w_2 \in L(X^{[\ell]})$ we conclude that $m' \in [m\rangle^{L(X^{[\ell]})}$ and we are done.

The left case (i.e. $p = (X^{[\ell]}, B^{[\ell-1]} C^{[\ell]}) \in \mathcal{P}^{[k]}$) is treated similarly.

Part 2. In this section, we show that it is possible to construct a PNI $N'$ such that the problem asking if the call to traverse($A^{[k]}$) successfully returns can be reduced, in polynomial time, to a reachability problem for $N'$. Incidentally, we show that $N'$ is a PNW, hence that the reachability problem for PN along finite-index CFL is decidable.

To describe $N'$ we use a generalization of the net program formalism introduced by Esparza in [3] which enriches the instruction set with the test for 0 of a variable.

A net program is a finite sequence of labelled commands separated by semicolons. Basic commands have the following form, where $\ell, \ell_1, \ldots, \ell_k$ are labels taken from some arbitrary set, and $x$ is a variable over the natural numbers, also called a counter.

    ℓ: x := x − 1        ℓ: if x = 0 then goto ℓ'             ℓ: return
    ℓ: x := x + 1        ℓ: goto ℓ_1 or ··· or goto ℓ_k       ℓ: halt
    ℓ: goto ℓ'           ℓ: gosub ℓ'

A net program is syntactically correct if the labels of commands are pairwise different, and if the destinations of jumps correspond to existing labels. Moreover we require the net program to be decomposable into a main program that only calls first-level subroutines, which in turn only call second level subroutines, etc. and the jump commands in a subroutine can only have commands of the same subroutine as destinations.‡ Each subroutine has a unique entry command labelled with a subroutine name, and a unique exit command of the form ℓ: return. Entry and exit labelled commands are distinct.

A net program can only be executed once its variables have received initial values. In this paper we assume that the initial values are always 0. The semantics of net programs is that suggested by the syntax.

The compilation of a syntactically correct net program to a PNI is straightforward and omitted due to space constraints. See [3] for the compilation.

At Alg. 4 is the net program that implements Alg. 1. In what follows assume $S$, the set of places of the underlying Petri net, to be $\{1, \ldots, d\}$ for $d > 1$. The counter variables of the net program are given by $\{x^{[i]}\}_{0 \leq i \leq k,\, X \in \mathcal{X}}$ and $M_f[0..k][1..d]$, $M_\imath[0..k][1..d]$ which arranges counters into two matrices of dimension $(k+1) \times d$. For clarity, our net programs use some abbreviations whose semantics is clear from the syntax, e.g. $M_\imath[\ell] := M_\imath[\ell] \oplus m$ stands for the sequence $M_\imath[\ell][1] := M_\imath[\ell][1] + m(1)$; […]; $M_\imath[\ell][d] := M_\imath[\ell][d] + m(d)$.

Let us now make a few observations of Alg. 4:

• at the top level we have the subroutine main which first sets up $M_\imath[\ell]$ and $M_f[\ell]$, then simulates the call traverse($X^{[\ell]}$) and finally checks that the postcondition holds (label $0_1$) before halting (label success).

• the counter variables $\{x^{[i]}\}_{0 \leq i \leq k,\, X \in \mathcal{X}}$ define the parameter of the calls to traverse$_j$. For instance, a call to traverse($X^{[j]}$) is simulated in the net program by incrementing $x^{[j]}$ and then calling subroutine traverse$_j$.



‡Here we consider the main program as a zero-level subroutine, i.e. jump commands in the main program can only have commands of the main program as destinations.

Algorithm 4: main invoking traverse($X^{[\ell]}$) with $m$, $m'$ and subroutines traverse$_j$ where $0 < j \leq \ell$ implementing the calls $\{$traverse($X^{[j]}$)$\}_{X \in \mathcal{X}}$.

main: Mi ] := Mi[£] ffim; 
Mf[e] :=Mf[£]©m'; 

gosub traverse^; 
oi if Mi[0.i] = = Mf [O.i] then 
|_ goto success; 

traverscj: gOtO pj Or • • • Or gOtO Pn', 

[■■■]; 

P,„: xlil := - 1; 

Mil/] :=Mi[/]e7(£r); 
Mi[;] :=Mi[/]®0(c7); 
gosub sub-toy; 
goto exit; 



1; 



Pij: X"' := X" 

gosub tr.fj.f(y 1); 
gosub add_to_iy ij_fy; 

gosub traverse(y ]^); 
02 if Mi[O..;-l] = = Mf[O..j 
L gotoU; 

11: := + 1; 
goto traverse^; 

[■■■]; 

:= - 1; 

gosub tr.iy.i(y 1); 
gosub add_to_iy_f 1^; 



1] then 



y 



+ 1; 



1] then 



gosub ti!Lvetse(j_iy, 
03 if Mi[O..;-l]=0 = Mf[O..; 
L goto 12; 

12: zI/1 := zW + 1; 
goto traverse^; 

[■■■]; 

exit: return; 

[...]; 

ccess: halt; 



• the non-deterministic jump at label traverse$_j$ simulates the selection of a production rule $p_m = (X^{[j]}, w)$ which will be fired next (if enabled else the program fails).

• the missing code for the subroutines tr_f$_j$_f$_{j-1}$, add_to_i$_j$_f$_{j-1}$, and sub_to$_j$ can be found in the appendix although it is pretty obvious to infer from Alg. 2 and Alg. 3. The code for tr_i$_j$_i$_{j-1}$, add_to_f$_j$_i$_{j-1}$ and traverse$_0$ is also routine to write.

• the program is syntactically correct. First, the levels are assigned to subroutines as follows: the level of traverse$_j$ is $j$, the level of tr_f$_j$_f$_{j-1}$, tr_i$_j$_i$_{j-1}$, add_to_i$_j$_f$_{j-1}$, add_to_f$_j$_i$_{j-1}$ and sub_to$_j$ is $j - 1$. Given that level assignment, it is routine to check that subroutines of level $j$ only call subroutines of level $j - 1$. Moreover, thanks to the programming techniques that allow to implement the tail recursive call as a goto instead of gosub we find that the program is syntactically correct. (If we had used gosub everywhere, then the net program would be syntactically incorrect). Also observe that each jump command does not leave the subroutine inside which it is invoked.

• the tests for 0 (labels $0_1$, $0_2$, $0_3$) have a particular structure matching the level of the subroutines (level for $0_1$ and $j$ for $0_2$ and $0_3$). So, after compilation of the net program into a PNI $N'$, if we set a mapping $f$ from the places of $N'$ to $\mathbb{N}$ such that $c$ is mapped to $i$ if $c \in \{M_\imath[i][j] \mid j \in \{1, \ldots, d\}\} \cup \{M_f[i][j] \mid j \in \{1, \ldots, d\}\}$ and every other place is mapped to $\ell + 2$ then we find that $N'$ is a PNW. Clearly, deciding whether Alg. 4 halts reduces to PNW reachability. Therefore, by Thm. 3, it is decidable whether Alg. 4 halts.

Lemma 5. Let $\ell \in \{0, \ldots, k\}$, $X^{[\ell]} \in \mathcal{X}^{[k]}$, and $m, m' \in \mathbb{M}[S]$. Then the proper call traverse($X^{[\ell]}$) with $M_\imath[\ell] = m$, $M_f[\ell] = m'$ successfully returns iff Alg. 4 halts.



Hence from Lem. 2, 4 and 5, we conclude the following. 

Corollary 6. The reachability problem for PN along finite-index CFL can be reduced to 
the reachability problem for PNW. 

4 From PNW reachability to PN reachability along fiCFL

In this section, we show that the reachability problem for PNW can be reduced to the reachability problem of PN along finite-index CFL. To this aim, let $N = (S, T, F = (Z, I, O), m_\imath)$ be a PNW, $m_f \in \mathbb{M}[S]$ a marking, and $f : S \to \mathbb{N}$ an index function such that (1) holds.

Let $S = \{s_1, \ldots, s_{n+1}\}$ and $T = \{t_1, \ldots, t_m\}$. Because it simplifies the presentation we will make a few assumptions that yield no loss of generality. (i) For every $i \in \{1, \ldots, n\}$, we have $f(s_i) \leq f(s_{i+1})$, (ii) $m_\imath = \llbracket s_{n+1} \rrbracket$, $m_f = \emptyset$, (iii) $Z(t_1) \subseteq Z(t_2) \subseteq \cdots \subseteq Z(t_m) \subseteq \{s_1, \ldots, s_n\}$, and (iv) for every $t \in T$, if $s \in Z(t)$ then $O(t)(s) = 0$ (see [15], Lemma 2.1). Notice that the Petri net $N$ can not test if the place $s_{n+1}$ is empty or not.

In the following, we show that it is possible to construct a Petri net (without inhibitor arcs) $N'$, a marking $m'_f$, and a finite-index CFL $L$ such that: $m_f \in [m_\imath\rangle_N$ iff $m'_f \in [m'_\imath\rangle^{L}_{N'}$.

Constructing the Petri net $N'$: Let $N' = (S', T', F' = (I', O'), m'_\imath)$ be a PN which consists in $n + 1$ unconnected PN widgets: the widget $N_0$ given by $N$ without tests for zero (i.e. $Z(t)$ is set to $\emptyset$ for every $t \in T$) and the widgets $N_1, \ldots, N_n$ where each $N_i = (\{r_i\}, \{p_i, c_i\}, F_i, \emptyset)$ where $F_i(p_i) = (\emptyset, \llbracket r_i \rrbracket)$ and $F_i(c_i) = (\llbracket r_i \rrbracket, \emptyset)$. $N_i$ is depicted as follows:

[Figure: transition $p_i$, place $r_i$, transition $c_i$]

Finally, define $m'_\imath \in \mathbb{M}[S']$ to be $m'_\imath(s) = m_\imath(s)$ for $s \in S$ and 0 elsewhere; and $m'_f = \emptyset$.

Since we have the ability to restrict the possible sequences of transitions that fire in $N'$, we can enforce the invariant that the sum of tokens in $s_i$ and $r_i$ stays constant. To do so it suffices to force that whenever a token is produced in $s_i$ then a token is consumed from $r_i$ and vice versa. Call $L$ the language enforcing that invariant. Then, let $m$ be a marking such that $m(s_i) = m(r_i) = 0$, observe that by firing from $m$ a sequence of the form: (i) $p_i$ repeated $n$ times, (ii) any sequence $w \in L$ and (iii) $c_i$ repeated $n$ times; the marking $m'$ that is reached is such that $m'(s_i) = m'(r_i) = 0$. This suggests that to simulate faithfully a transition $t_0$ of $N$ that does test $s_i$ for 0 we allow the occurrence of the counterpart of $t_0$ in $N_0$ right before (i) or right after (iii) only. In what follows, we build upon the above idea the language $L_n$ which, as we will show, coincides with the finite-index approximation of some CFG.

We need the following notation. Given a word $v \in \Sigma^*$ and $\Theta \subseteq \Sigma$, we define $v|_\Theta$ to be the word obtained from $v$ by erasing all the symbols that are not in $\Theta$. We extend it to languages as follows: Let $L \subseteq \Sigma^*$. Then $L|_\Theta = \{w|_\Theta \mid w \in L\}$.

Constructing the language $L_n$: For every $j \in \{1, \ldots, m\}$, let $u_j = p_1^{i_1} p_2^{i_2} \cdots p_n^{i_n}$ and $v_j = c_1^{k_1} c_2^{k_2} \cdots c_n^{k_n}$ be two words over the alphabet $T'$ such that $i_\ell = I(t_j)(s_\ell)$ and $k_\ell = O(t_j)(s_\ell)$ for all $\ell \in \{1, \ldots, n\}$. Observe that firing $v_j\, t_j\, u_j$ keeps unchanged the total number of tokens in $\{s_i, r_i\}$ for each $i \in \{1, \ldots, n\}$. Let $\ell \in \{0, \ldots, n\}$, define $T_\ell = \{v_j \cdot t_j \cdot u_j \mid Z(t_j) = \{s_1, \ldots, s_\ell\}\}$.§ Also given $a, b \in \Sigma^*$ and $Z \subseteq \Sigma^*$, define $(a, b) \star Z$ as the set $\{a^i \cdot z \cdot b^i \mid i \in \mathbb{N} \wedge z \in Z\}$.

Define the CFLs $L_0, \ldots, L_n$ inductively as follows: $L_0 = T_0^*$ and for $0 < \ell \leq n$ define $L_\ell = (((p_\ell, c_\ell) \star L_{\ell-1}) \cup T_\ell)^*$. It is routine to check that $L_0 \subseteq L_1 \subseteq \cdots \subseteq L_n$ (since $L_{\ell-1} \subseteq (p_\ell, c_\ell) \star L_{\ell-1}$) and $L_n|_T = T^*$ (since $L_n \supseteq (\bigcup_{\ell=0}^{n} T_\ell)^*$). Also, $L_0$ is a regular language and therefore there exists a CFG $G_0$ and a variable $A_0$ of $G_0$ such that $L^{(1)}(A_0) = L_0$. Now, let us assume that for $L_i$ there exists a CFG $G_i$ and a variable $A_i$ such that $L^{(i+1)}(A_i) = L_i$. From the definition of $L_{i+1}$ it is routine to check that there exists a CFG $G_{i+1}$ and a variable $A_{i+1}$ such that $L^{(i+2)}(A_{i+1}) = L_{i+1}$. Finally we find that $L_n$ can be captured by the $n + 1$-index approximation of a CFG.

§Note that if $\ell = 0$ then $\{s_1, \ldots, s_\ell\} = \emptyset$.

Lemma 7. Let£ e {0,...,n}. 7fmi,m2 G M[S'] such that m2 E [mi)^„ then m2(sy) + 
m2(ry) = mi (sy) + mi (rj) for all ; e {1, . . . , n}. 

Let us make a few observations about the transitions of $N'$ which were carrying out test in $N$. In $L_\ell$ no transition $t$ such that $s_{\ell+1} \in Z(t)$ is allowed, that is no test of place $s_{\ell+1}$ for $0$ is allowed along any word of $L_\ell$. The language $L_\ell$ imposes that the place $s_\ell$ can only be tested for $0$ along $T_\ell$. The intuition is that $L_\ell$ allows to test $s_\ell$ for $0$ provided all places $s_j$ and $r_j$ for $j < \ell$ are empty. 

Let us introduce the following notations. Let $m \in \mathbb{M}[S']$ and $Q \subseteq S'$, we write $Q(m)$ for the multiset of $\mathbb{M}[Q]$ such that $Q(m)(q) = m(q)$ for all $q \in Q$. We define the following subsets of places of $N'$: $R_\ell$ (resp. $S_\ell$) is given by $\{r_1, \dots, r_\ell\}$ (resp. $\{s_1, \dots, s_\ell\}$). The proofs of lemmata that follow are done by induction and given in the appendix. 

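Lemma 8. Let $\ell \in \{0,\dots,n\}$, $w \in L_\ell$, and $m_a, m_b \in \mathbb{M}[S']$ such that $(S_\ell \cup R_\ell)(m_a) = (S_\ell \cup R_\ell)(m_b) = \emptyset$ and $m_a\,[w\rangle_{N'}\,m_b$. Then $S(m_a)\,[w|_T\rangle_{N}\,S(m_b)$. 

Lemma 9. Let $\ell \in \{0,\dots,n\}$, $\mu_1, \mu_2 \in \mathbb{M}[S]$ such that $S_\ell(\mu_1) = S_\ell(\mu_2) = \emptyset$ and $\mu_2 \in [\mu_1\rangle^{L_\ell|_T}_{N}$. Then there are $m_1, m_2 \in \mathbb{M}[S']$ such that $S(m_1) = \mu_1$, $S(m_2) = \mu_2$, $R_\ell(m_1) = R_\ell(m_2) = \emptyset$, and $m_2 \in [m_1\rangle^{L_\ell}_{N'}$. 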

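Lemma 10. $m_f (= \emptyset) \in [m_i\rangle_{N}$ if and only if $m'_f (= \emptyset) \in [m'_i\rangle^{L_n}_{N'}$. 

Proof. ($\Rightarrow$) Assume that $m_f \in [m_i\rangle_{N}$. Since $L_n|_T = T^*$ and $S_n(m_i) = S_n(m_f) = \emptyset$, the result of Lem. 9 shows that there are $m_1, m_2 \in \mathbb{M}[S']$ such that $S(m_1) = m_i$, $S(m_2) = m_f$, $R_n(m_1) = R_n(m_2) = \emptyset$, and $m_2 \in [m_1\rangle^{L_n}_{N'}$. This implies that $m'_f \in [m'_i\rangle^{L_n}_{N'}$ since $m'_f = m_2$ and $m'_i = m_1$ by definition. 

($\Leftarrow$) Assume that $m'_f \in [m'_i\rangle^{L_n}_{N'}$. The definition of $m'_i$ and $m'_f$ shows that $(S_n \cup R_n)(m'_i) = (S_n \cup R_n)(m'_f) = \emptyset$ and therefore, by Lem. 8, we find that $S(m'_f) \in [S(m'_i)\rangle^{L_n|_T}_{N}$, hence that $m_f \in [m_i\rangle^{L_n|_T}_{N}$ by definition of $m_i$, $m_f$, and finally that $m_f \in [m_i\rangle_{N}$ since $L_n|_T = T^*$. ∎ 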

As an immediate consequence of Lemma 10, we obtain the following result: 

Corollary 11. The reachability problem for PNW can be reduced to the reachability problem for PN along finite-index CFL. 

5 Conclusion 

In this paper, we have defined the class of finite-index context-free languages (which is an interesting sub-class of context-free languages). We have shown that the problem of checking whether the intersection of a finite-index context-free language and a Petri net language is empty is decidable. This result is obtained through a non-trivial reduction to the reachability problem for Petri nets with weak inhibitor arcs. On the other hand, we have proved that the reachability problem for Petri nets with weak inhibitor arcs can be reduced to the emptiness problem of the language obtained from the intersection of a finite-index context-free language and a Petri net language, which implies by [13] that the latter is EXPSPACE-hard. 
A Missing Net programs 



Alg. 5 gives the net program which implements the call sufc.* Jo(Mi[£],Mf [£]). 



Algorithm 5: 

sub_to_ℓ: goto exit or s_1 or ... or s_d; 
s_1:  M_i[ℓ][1] := M_i[ℓ][1] - 1; 
      M_f[ℓ][1] := M_f[ℓ][1] - 1; 
      goto sub_to_ℓ; 
[...]; 
s_d:  M_i[ℓ][d] := M_i[ℓ][d] - 1; 
      M_f[ℓ][d] := M_f[ℓ][d] - 1; 
      goto sub_to_ℓ; 
exit: return; 



Alg. 6 implements the call add.*Jo{M\[£], Mf[£ — 1]). 



Algorithm 6: 

add_to_i_ℓ_f_ℓ-1: goto exit or s_1 or ... or s_d; 
s_1:  M_i[ℓ][1] := M_i[ℓ][1] + 1; 
      M_f[ℓ-1][1] := M_f[ℓ-1][1] + 1; 
      goto add_to_i_ℓ_f_ℓ-1; 
[...]; 
s_d:  M_i[ℓ][d] := M_i[ℓ][d] + 1; 
      M_f[ℓ-1][d] := M_f[ℓ-1][d] + 1; 
      goto add_to_i_ℓ_f_ℓ-1; 
exit: return; 



Alg. 7 implements the call transfer_from_to(M_f[ℓ], M_f[ℓ-1]). 

Algorithm 7: 

tr_f_ℓ_f_ℓ-1: goto exit or s_1 or ... or s_d; 
s_1:  M_f[ℓ][1] := M_f[ℓ][1] - 1; 
      M_f[ℓ-1][1] := M_f[ℓ-1][1] + 1; 
      goto tr_f_ℓ_f_ℓ-1; 
[...]; 
s_d:  M_f[ℓ][d] := M_f[ℓ][d] - 1; 
      M_f[ℓ-1][d] := M_f[ℓ-1][d] + 1; 
      goto tr_f_ℓ_f_ℓ-1; 
exit: return; 
B Missing Proofs 

B.1 Proof of Lemma 2 

Proof. Let $w \in \Sigma^*$, we shall demonstrate that $A^{[k]} \Rightarrow^* w$ iff there exists a derivation $A \Rightarrow^* w$ that is $k+1$ index bounded. 

Only if. We have $A^{[k]} \Rightarrow^{\ell} w$ for some $\ell \in \mathbb{N} \setminus \{0\}$. The proof is done by induction on $\ell$. For the case $\ell = 1$, we have $A^{[k]} \Rightarrow w$, hence that $(A^{[k]}, w) \in \mathcal{P}^{[k]}$ and $(A, w) \in \mathcal{P}$ by definition of $G^{[k]}$ and finally that $A \Rightarrow w$ is $1 \le k+1$ index bounded. For the case $\ell > 1$, the definition of $G^{[k]}$ shows that there exists a derivation of the form (1) $A^{[k]} \Rightarrow B^{[k-1]} C^{[k]} \Rightarrow^{i} w_1 C^{[k]} \Rightarrow^{j} w_1 w_2 = w$ where $i + j = \ell - 1$ or (2) $A^{[k]} \Rightarrow B^{[k]} C^{[k-1]} \Rightarrow^{j} B^{[k]} w_2 \Rightarrow^{i} w_1 w_2 = w$ where $i + j = \ell - 1$ which is treated similarly. Assume case (1) holds. Because $B^{[k-1]} \Rightarrow^{i} w_1$ where $i < \ell$ we find, by induction hypothesis, that there exists a derivation $B \Rightarrow^* w_1$ that is $k$ index bounded. Also, since $C^{[k]} \Rightarrow^{j} w_2$ where $j < \ell$, the induction hypothesis shows that there exists a derivation $C \Rightarrow^* w_2$ that is $k+1$ index bounded. Finally, we conclude from $(A^{[k]}, B^{[k-1]} C^{[k]}) \in \mathcal{P}^{[k]}$ that $(A, BC) \in \mathcal{P}$, hence that there exists a derivation $A \Rightarrow BC \Rightarrow^* w_1 C \Rightarrow^* w_1 w_2 = w$ that is $k+1$ index bounded and we are done. 

If. Let $A \Rightarrow^{\ell} w$ for some $\ell \in \mathbb{N} \setminus \{0\}$ be a $k+1$ index bounded derivation. The proof is done by induction on $\ell$. For the case $\ell = 1$, we conclude from $A \Rightarrow w$ is $k+1$ index bounded that $(A, w) \in \mathcal{P}$ by definition of $G$, hence that $(A^{[k]}, w) \in \mathcal{P}^{[k]}$ by definition of $G^{[k]}$ and finally that $A^{[k]} \Rightarrow w$. 

For the case $\ell > 1$, there is a $k+1$ index bounded derivation of the form $A \Rightarrow BC \Rightarrow^{\ell-1} w$ such that one of the following derivations is $k+1$ index bounded: $A \Rightarrow BC \Rightarrow^{i} w_1 C \Rightarrow^{j} w_1 w_2 = w$ or $A \Rightarrow BC \Rightarrow^{j} B w_2 \Rightarrow^{i} w_1 w_2 = w$ where $i + j = \ell - 1$. 

Assume the former case holds (the other is handled similarly). Since the derivation is $k+1$ index bounded we find that $B \Rightarrow^{i} w_1$ is $k$ index bounded and $C \Rightarrow^{j} w_2$ is $k+1$ bounded. Because $i < \ell$ and $j < \ell$ we find, by induction hypothesis, that $w_1 \in L(B^{[k-1]})$ and $w_2 \in L(C^{[k]})$. Finally, $A \Rightarrow BC$ shows that $(A, BC) \in \mathcal{P}$, hence we deduce that $\{(A^{[k]}, B^{[k-1]} C^{[k]}), (A^{[k]}, B^{[k]} C^{[k-1]})\} \subseteq \mathcal{P}^{[k]}$, and finally that $A^{[k]} \Rightarrow^* w$ holds. ∎ 
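
Lemma 2 can be checked mechanically on a small grammar. The Python sketch below is an added example, not code from the paper: it assumes the rule shapes of $G^{[k]}$ used in the proof above (terminal rules copied at every level, each binary rule lifted to $X^{[i]} \to Y^{[i-1]}Z^{[i]}$ and $X^{[i]} \to Y^{[i]}Z^{[i-1]}$), and the grammar and the names `indexed`, `bounded` and `lemma2_holds` are constructed for illustration.

```python
from functools import lru_cache

# Constructed CNF grammar (not from the paper) for balanced words over {a, b}:
#   S -> S S | A T | A B,   T -> S B,   A -> a,   B -> b
BIN = {"S": [("S", "S"), ("A", "T"), ("A", "B")], "T": [("S", "B")]}
TERM = {"A": ["a"], "B": ["b"]}


@lru_cache(maxsize=None)
def indexed(X, i, n):
    """Words of length n generated by X^[i] in G^[k] (assumed rule shapes, any k >= i)."""
    out = set(TERM.get(X, [])) if n == 1 else set()
    if i >= 1:
        for Y, Z in BIN.get(X, []):
            for cut in range(1, n):
                # X^[i] -> Y^[i-1] Z^[i]   and   X^[i] -> Y^[i] Z^[i-1]
                for iy, iz in ((i - 1, i), (i, i - 1)):
                    out |= {u + v for u in indexed(Y, iy, cut)
                            for v in indexed(Z, iz, n - cut)}
    return frozenset(out)


def bounded(X, k, n):
    """Words of length n with a derivation from X using at most k variables per step."""
    if k < 1:
        return frozenset()
    is_var = lambda s: s in BIN or s in TERM
    seen, todo, words = {(X,)}, [(X,)], set()
    while todo:
        form = todo.pop()
        if len(form) == n and not any(map(is_var, form)):
            words.add("".join(form))
        for pos, sym in enumerate(form):
            bodies = [(a,) for a in TERM.get(sym, [])] + BIN.get(sym, [])
            for body in bodies:
                new = form[:pos] + body + form[pos + 1:]
                # No epsilon rules, so forms never shrink: prune on length and on index.
                if len(new) <= n and sum(map(is_var, new)) <= k and new not in seen:
                    seen.add(new)
                    todo.append(new)
    return frozenset(words)


def lemma2_holds(max_k=3, max_n=8):
    """Check L(S^[k]) = L^(k+1)(S) on all words of length <= max_n."""
    return all(indexed("S", k, n) == bounded("S", k + 1, n)
               for k in range(max_k + 1) for n in range(1, max_n + 1))


if __name__ == "__main__":
    print(lemma2_holds(), sorted(indexed("S", 1, 4)), sorted(indexed("S", 2, 4)))
```

With budget 2 only the words $a^n b^n$ survive, while `abab` first appears at budget 3, which is the effect of the index bound that the lemma captures syntactically.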

B.2 Proof of Lemma 7 

Proof. The proof is done by induction on $\ell$. 

Basis. $\ell = 0$. Let $w \in L_0$, that is $w \in T_0^k$ for some $k \in \mathbb{N}$. The proof is by induction on $k$. The case $k = 0$ ($w = \varepsilon$) is trivially solved. Let $k > 0$, then $w$ can be decomposed in $w_1, \dots, w_k$ where each $w_i \in T_0$ for $i \in \{1, \dots, k\}$ and $w_i$ is necessarily of the form $v_j \cdot t_j \cdot u_j$. Finally since the firing of $v_j \cdot t_j \cdot u_j \in T_0$ keeps unchanged the total number of tokens in $\{s_i, r_i\}$ for each $i \in \{1, \dots, n\}$ then so does all $w \in T_0^k$ and we are done. 

Step. $\ell > 0$. The definition of $L_\ell$ shows that $w \in \big(((p_\ell, c_\ell) \star L_{\ell-1}) \cup T_\ell\big)^k$ for some $k \in \mathbb{N}$. The proof is done by induction on $k$. The case $k = 0$ ($w = \varepsilon$) is trivially solved. For $k > 0$ we have that $w = w_1 \cdots w_k$ where $w_1 \in (p_\ell, c_\ell) \star L_{\ell-1}$ or $w_1 \in T_\ell$. If $w_1 \in T_\ell$, then using the above reasoning we find that the firing of any $w \in T_\ell$ keeps unchanged the total number of tokens in $\{s_i, r_i\}$ for each $i \in \{1, \dots, n\}$. If $w_1 \in (p_\ell, c_\ell) \star L_{\ell-1}$ then $w_1 = p_\ell^{i} v c_\ell^{i}$ for some $i \in \mathbb{N}$, $v \in L_{\ell-1}$. Since the result holds for every $v \in L_{\ell-1}$ by induction hypothesis, we find that it also holds for $w_1$ by definition of $p_\ell$ and $c_\ell$ and because they fire an equal number of times. Finally we use the induction hypothesis on $w_2 \cdots w_k$ (we can because $w_2 \cdots w_k \in L_\ell$) and we are done. ∎ 

B.3 Proof of Lemma 8 

Proof. The proof is done by induction on £. 

Basis. £ = 0. w E Lq = Tq and every transition t occurring in wjj is such that Z{t) = (Z), 
hence the def. of N' and iria [w)]^, mi, show that S{ma) [i^lT)^ S(m;,). 

Step. £ > 0. The definition of shows that iv G (((p^, q) ★ U T^)*^ for some 
A: e N. The proof is done by induction on k. The case k = {w = e) is trivially 
solved. For fc > we have that iv = Wi - ■ -iVk where Wi G {pe,Ci) ★ L^^i or Wj G Ti. If 
^1 € {p(,Cf-) -kL(_i then Wi = p)vc\ for some / G N, c G L^-i. Let mo, mg, m^mi such 
that = mo [p\) mQ [v) [c^) mi. We conclude from (S^ U R^)(mfl) = and that 
(S£_i U (mo) = 0. Next Lem. 7 shows that (S<>_i U R^_i) (m^) = 0. Hence, the induc- 
tion hypothesis on L£_i shows that S(mQ) [y|T)]v S(ini). Finally the definition of w\ shows 
thatwilr = hence that S(mQ) [wi 1 7) S(m^), and finally that S (mo) [wilr);^^ S (mi) since 
S(mo) = S(mQ) andS(mi) = S(mj). Also from the assumption (S^ U R^) (mo) = 0,zfi G 
and Lem. 7 we conclude that (S^ U R^)(mi) = 0. 

Let us now turn to the case wi G T^. Let mi such that m.a [w\) m\, we conclude 
from (S(? U Re){m.a) = 0, Wi G L( and Lem. 7 that (Si U R^)(mi) = 0, hence that 
S(mfl) [zyi|T)N S(mi) since wi\t = tj, Z{tj) = Sf and Sf {m.a) = 0. 

Finally we use the induction hypothesis onw2 - ■ -Wk (we can because (1) W2 - ■ -Wk ^ L£ 
and (2) we have shown that (S^ U R^) (mi) = in both cases) and we are done. I 

B.4 Proof of Lemma 9 

Proof. The proof is done by induction on £. 

Basis. £ = 0. First, let us observe that, since £ = 0, the predicates (f/i) = Sf {fi2) = and 
R£{m.i) = R£{m2) = are vacuously true. Let jii [u)-^}i2 where u G Lo|t- Then, there is 
a word w G Lo such that u = w\t- Let mi G M[S'] defined as follows: S(mi) = and 
f^iiXi) = \w\ for all i G {1, . . . ,n}. Then, we have mi [xJo)-f^, which yields m2 since there 
are enough tokens in the places R„. Moreover, we have S(m2) = }i2 since no transition in 
{pi, Ci, . . . , pn, Cn} has an arc to a place in S. 

Step. £ > 0. Since there is m G L^j^ such that pi [u)^ p2, then either case must hold: 

• Case 1: M G L^-il^. Then, we can use the induction hypothesis to show that there are 
m^,m2 G M[S'] and w' G L^_i such that S(m2) = pi, S(m2) = p2, ^i-ii^'i) = 
R£_i(m2) = 0, and m^ m2. Next, Lem. 7 shows that m[{sf ) +m^(r^) = 

m2(s^) + m2(r/;), hence that m^(r^) = m'2{rf) since St{pi) — and S(mJ) = pi for 
i G {1,2}. Let w = Pf iv'cj, G where ; = m'^(r^), and let mi,m2 G M[S'] such 
that Is' \ {ri}){mi) = (S' \ {ri}){m'^) and mi{re) = for i G {1,2}. From the above 
we find that (i) S(m,) = S{m'j) = pi for i G {1,2}, (ii) Re{mi) = R^ma) = 
(since R(!_i(m^) = Rf _i{m2) = and by def. of mi, 1112) and (iii) mi [w)j^, m2 (since 
^li^e) — ^2{^e) we can show that mi m^ [w') mj c^^ m2) and we are done. 
• Case 2: u = Woti^Witi^W2 ■ ■ ■ ti^wi^ for some Wi, . . . ,wj^ G L^-i|t and ti^, ■ ■ - iti^ G T^lr 
(also Z(i,j) = ••• = Z(f,J = Se). To simplify the presentation, we assume that 
k = 1. (The general case can be handled in the same way.) Then, there are 
f/pf/j ^ M[S] such that jii [wq) ji[ [f/j) [^1) Hi- Since ji[ [f,j) f/j/ -Zlf/i) = S( and 
S^(0(ijj)) = 0, we have S^(//^) = Sg{fi'2) = 0- Hence, we can apply the first case 
to the runs f<i [wq) }i[ and [^1) Hi, to show there are mi,m^,m2, m2 G M[S'] such 
that S(m;) = m, S(m;) = K^(m;) = R^(m,) = for / G {1,2}, m^ G [mi)^*„ and 
m2 G [mj)^,. Moreover G T^It shows that there exist G {p^+i, . . . , p„}* and 
1, . . . , c,,}* such that m,j • f,j • Vi-^ G T^. Therefore we can pick mi, m^, m!^, tn.2 
such that in addition to the above constraints we have m'^ [u ,j tj^ Vj^ ) j^, mj which is pos- 
sible since [tj^) ji'^ and S(m-) = }i[ for z G {1/2}. Finally the above reasoning shows 
thatm^ G [mi)^^„ mj G [m^)^^„m2 G [m2)^„ hence that m2 G [mi )^^, by definition of 
and we are done since S(m;) = R^(m;) = for z G {1,2}. I 



